With the release of Windows 7 Client, Microsoft is also accompanying it with
an upgrade to Windows Server 2008, adding the ‘Release 2’ moniker, which in
my opinion adds some major improvements that make the cohesive experiences
between both platforms beneficial to both Administrators and business users
on the go. Don’t be concerned though: Windows 7 works just fine in existing
Windows Server 2008 and 2003 environments, but if you want to take
advantage of the synergies, deploying both Windows 7 and Windows Server
2008 R2 can definitely be worth your while. Honestly, I don’t know why
Microsoft didn’t bother to call this upgrade Windows Server 2010 because
of the numerous improvements Administrators and business users can
expect.

One of the significant changes Windows Server 2008 introduces with the R2
release is the focus on an all 64 bit strategy. Microsoft has committed to
their promise of making Windows Server 2008, released back in February
2008, the last 32 bit release of Microsoft’s flagship NOS. With the
plethora of 64 bit capable systems out there today and those that have
been on the market for the past few years, I don’t see anything to
complain or worry about. This does not mean the end of 32 bit applications
either; we will continue to see those thrive on 64 bit operating systems
for years to come. AMD, which introduced the x86-x64 architecture with the
debut of the AMD 64 back in fall 2003, developed an innovative method of
emulating the x86 layer at full speed, while maintaining full
compatibility with 32 bit apps and presenting opportunities to address
larger amounts of memory beyond 4 GBs. Since then, 64 bit processors have
become widespread, with Intel introducing the extensions to their brand of
processors back in 2005.

Editions

Windows Server 2008 R2 comes in a variety of editions; which edition you
choose depends on your environment and workloads. I previously mentioned
that Windows Server 2008 R2 is the first 64 bit only release. Microsoft
provides R2 in two distinct 64 bit architectures: the popular x86-x64
platform and the Intel Itanium architecture, which is used for high-end
workloads such as Data Warehousing, Online Transaction Processing, high
performance computing and management of large scale virtualization
deployments.

Edition: Features

Windows Web Server 2008: Web Services for Deployment of Websites and
applications; Microsoft .NET Framework; IIS; ASP.NET; Application Server;
Network Load Balancing; DNS Server; Windows Server Update Services; 4
Physical Socket Processors; 32 GBs of RAM

Windows Server 2008 R2 Standard: Hyper-V; 4 Physical Socket Processors; Up
to 32 GBs of RAM

Windows Server 2008 R2 Enterprise: All features of Standard; Active
Directory Federation Services; Fail Over Clustering; 8 Physical Socket
Processors; Up to 2 TBs of RAM

Windows Server 2008 R2 Datacenter: All the features of Enterprise and
Standard; Hot add memory and processors; Hot replace memory and processors;
64 Physical Socket Processors; Up to 2 TBs of RAM

With this upgrade to Windows Server, Microsoft is also introducing a new
member to the Windows Server family: Windows Server 2008 R2 Foundation
Edition. There are distinct limitations and features in this new sibling,
which is targeted mainly at Small Business environments:

No support for Active Directory Federation Services

No support for Hyper-V

Supports deployment of Certificate Authorities but no
support for other related services

No support for DirectAccess Management

No support for Failover Clustering

Supports 1 Physical processor only

Supports up to 8 GBs of RAM

Installation

Just like Windows Server 2008, installing R2 remains an uneventful
experience; if you have installed Windows 7 before, you have installed
Server 2008 R2. Microsoft has changed how you configure the initial phases
of the Server when it’s in workgroup mode. A lot of the wizard based
portions that were common in the Windows Server 2003 OOBE are scrapped and
integrated into Role based features, and by default you are set up as the
Administrator, which is typical and required to install and configure
additional features. Desktop features which were once available in Server
2003, such as Windows Media Player, are now assigned to a specific role
under Initial Configuration Task called Add Features, if you decide to
enable them, although I don’t know why you would want things like Media
Player 12 or Aero Glass on a Server.

Interface

Server 2008 R2 shares a familiar Windows 7 look with similar Explorer
windows, except that by default the Windows Classic theme is used. Standard
among the client and server is the welcome screen, which utilizes a
different approach to logging on (DOMAIN\Username); the only thing you need
to type in is your password. Of course, for persons using Vista to log on
to a Domain, the DOMAIN\Username must be specified manually; the old Domain
list field is nowhere in this release. Administrators will notice the new
Taskbar, which is not as aesthetically pleasing when Aero is enabled, but
there are some significant benefits such as quicker access to tools through
Jump Lists, the ability to rearrange buttons and organization of multiple
windows for a program.

Active Directory

The Domain Service itself supports the improved R2 functional level, the
key benefit being that you are able to take advantage of improvements in
performance and management of your Domains. For instance, the new Active
Directory Recycle Bin supports undoing deletion of AD objects. After
enabling AD Recycle Bin, link-valued and non-link-valued attributes of a
deleted object are safeguarded, giving you peace of mind to restore the
object as it was before it was deleted, removing the need for authoritative
restoration. When enabled, User accounts set up with a password through
Kerberos on a Domain can be better managed with isolated privileges. Since
we are on the subject of accounts, Server R2 introduces two new types of
accounts: Managed Service and Virtual Accounts.

Virtual account –
available locally for services supporting
access to the network from a computer within the Domain.

Service account –
designed for services that need the highest
reliability in case of problems that arise; it is managed by the OS and
Service Principal Names.

Managed service accounts allow you to create a real account stored within
the OU in Active Directory. You can then set it up on the local server,
apply it to the local user, and then set up the local service to use it.
Virtual Service Accounts, on the other hand, are configured as a local
service to gain access to the network based on the computer’s identity
within the Domain. Since the actual identity exists, it is not necessary to
create the actual account.
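The managed service account procedure described above, as an added example that is not part of the original review. The domain CONTOSO, host SRV-APP01, service ReportSvc and account msa-report are hypothetical names, and the script assumes it is run elevated on the member server with the Active Directory PowerShell module installed.

```powershell
# Added example: provision a managed service account (MSA) and bind a service to it.
# All names below are hypothetical placeholders.
Import-Module ActiveDirectory

$domain   = 'CONTOSO'      # hypothetical NetBIOS domain name
$msaName  = 'msa-report'   # hypothetical MSA name
$hostName = 'SRV-APP01'    # hypothetical member server that runs the service
$service  = 'ReportSvc'    # hypothetical Windows service name

# 1. Create the account in the directory if it does not exist yet.
#    By default it is created in the "Managed Service Accounts" container.
if (-not (Get-ADServiceAccount -Filter "Name -eq '$msaName'")) {
    New-ADServiceAccount -Name $msaName -Enabled $true
}

# 2. Associate the account with the one computer that is allowed to use it.
Add-ADComputerServiceAccount -Identity $hostName -ServiceAccount $msaName

# 3. On the member server itself: install the account locally so the
#    machine can retrieve and rotate the password on its own.
Install-ADServiceAccount -Identity $msaName

# 4. Point the service at the account. The logon name ends in '$' and the
#    password is left empty because the OS manages it.
$svc = Get-WmiObject Win32_Service -Filter "Name='$service'"
if (-not $svc) { throw "Service '$service' not found on this computer." }
$in = $svc.psbase.GetMethodParameters('Change')
$in['StartName']     = "$domain\$msaName`$"
$in['StartPassword'] = $null
$result = $svc.psbase.InvokeMethod('Change', $in, $null)
if ($result.ReturnValue -ne 0) {
    throw "Win32_Service.Change failed with code $($result.ReturnValue)"
}
Restart-Service -Name $service

# 5. Verify: the service identity and the accounts hosted by this computer.
(Get-WmiObject Win32_Service -Filter "Name='$service'").StartName
Get-ADComputerServiceAccount -Identity $hostName | Select-Object Name, Enabled

# A virtual account needs no directory object at all: setting StartName to
# "NT SERVICE\$service" with an empty password makes the service run under
# its own local identity and reach the network as the computer account.
```

Because no administrator ever knows or types the password, there is nothing to store in scripts or to rotate by hand, which is the practical security gain over a normal user account used as a service identity.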

Active Directory Administration Center is a new feature of AD for managing
tasks and activities such as creation of groups and OUs, connecting one or
more domains, and performing searches across the Active Directory. Active
Directory Admin Center uses both PowerShell and the .NET Framework 3.51 as
a basis for administering tasks, and relies on both components being
installed and configured. Significant enhancements have been added to
Microsoft’s directory service, which stores information about objects on a
network and makes this information available to users and network
administrators. Certificate Services, for instance, makes it much easier to
deploy technologies such as Public Key Infrastructure and Network Access
Protection. If your Administrator has enabled support for NAP, when you
connect your PC, it is checked to see if it is in compliance with standards
implemented by the Administrator, such as software, settings and updated
Antivirus. If everything is not updated, your access to the network can be
limited until all those outstanding issues are resolved.

Authentication Mechanism Assurance makes the procedures involved in
allowing access to resources within a Domain much easier for an
Administrator if a certificate is used to authenticate. You can provision
which groups use different methods to log on, either by Smart Card, for
instance, or certificate based. There is support over HTTP for enabling
enrollment of services such as Certificate Enrollment Web and Certificate
Enrollment Policy services. This enhances performance for Certification
Authority in multiple forest setups. ADAC also utilizes the benefits of
Active Directory Web Services. Administrators must make sure that a minimum
of one DC in an AD Domain has ADWS set up and essential services configured
to take advantage.
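For the Active Directory Recycle Bin described at the start of this section, the following added example (not from the original review) enables the feature and restores a deleted user. The account name jdoe is a hypothetical placeholder, and the script assumes the Active Directory PowerShell module and Enterprise Admin rights.

```powershell
# Added example: enable the AD Recycle Bin and restore a deleted user.
Import-Module ActiveDirectory

$sam = 'jdoe'   # hypothetical sAMAccountName of the deleted user

# The feature requires the Windows Server 2008 R2 forest functional level.
$forest = Get-ADForest
if ($forest.ForestMode -ne 'Windows2008R2Forest') {
    throw "Forest mode is $($forest.ForestMode); raise it to Windows2008R2Forest first."
}

# Enabling is a one-way switch: it cannot be turned off again, and objects
# deleted before this point cannot be recovered through the Recycle Bin.
# The cmdlet's own confirmation prompt is left in place on purpose.
$feature = Get-ADOptionalFeature -Filter 'Name -eq "Recycle Bin Feature"'
if ($feature.EnabledScopes.Count -eq 0) {
    Enable-ADOptionalFeature -Identity 'Recycle Bin Feature' `
        -Scope ForestOrConfigurationSet -Target $forest.Name
}

# Find the deleted object. Deleted objects are hidden unless requested.
$deleted = Get-ADObject -LDAPFilter "(&(isDeleted=TRUE)(sAMAccountName=$sam))" `
    -IncludeDeletedObjects -Properties lastKnownParent, whenChanged
if (-not $deleted) { throw "No deleted object found for '$sam'." }

# If the account was deleted more than once, take the most recent deletion.
$target = $deleted | Sort-Object whenChanged -Descending | Select-Object -First 1
"Restoring $($target.Name) to $($target.lastKnownParent)"

# Restore fails if the parent OU was deleted too; restore the parent first.
$target | Restore-ADObject

# Check that group memberships (linked attributes) came back with the object.
Get-ADUser -Identity $sam -Properties memberOf |
    Select-Object Name, Enabled, DistinguishedName, memberOf
```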

Windows PowerShell

One of the caveats of managing the Virtual and Service accounts is that you
will have to do it through Windows PowerShell 2.0, using the Active
Directory component. Digging into Microsoft’s next generation command line
shell, Administrators can expect it by default in Windows Server
installations. Depending on how your Windows Server R2 installation is
deployed, you will be able to access a graphical console, or a command line
interface if you are using Server Core. PowerShell works similarly to the
Command Prompt and the same commands will continue to work from CMD. Some
of the things you can do include:

Remote Management (Windows Remote Management must be
enabled through Server Manager and PowerShell setup to run with
Administrator privileges).

Execution of scripts for tasks such as startup, logoff
or shutdown

Manage Group Policy using included cmdlets

PowerShell Remoting –
Windows PowerShell uses the standard management
protocol WS Management (WS-MAN) to invoke Cmdlets on client PCs. It supports
two types of remoting: fan-out remoting which provides one-to-many remoting
capability so you can run management scripts across multiple PC’s from a
single console, and one-to-one interactive remoting, for remotely
troubleshooting a specific computer.

PowerShell Restricted
Shell – You can use the PowerShell Restricted
Shell to create a custom shell in which only certain commands and command
parameters are available to system administrators. You can also set access
permissions or access control lists (ACLs) on custom scripts, so that
administrators can access only scripts to which they have been granted
rights.

Print Management

There have been many great
improvements in Windows Server 2008 R2 to improve print management,
administration, and reliability. The Print Management Console (PMC), which
is designed to make managing multiple print servers very efficient, has been
improved with new filter capabilities to enable more customized views and
queries. Regardless of the amount of printers and print drivers that are
deployed, PMC allows the administrator to easily manage everything at once.

Additionally, PMC exposes various new features in Server 2008 R2, including
the ability to modify Driver Isolation settings on the print server for
specific drivers. Driver Isolation allows print drivers to run in a
separate process from the rest of the print system. This allows for a much
more stable and reliable print experience, as driver crashes no longer take
down the entire print server. As the majority of print server reliability
issues are related to problematic print drivers, this feature greatly
improves system reliability and up-time.

The Delegated Print Administrator functionality, which was added in Server
2008 R2, allows non-system administrators to be delegated permissions so
that they can perform most print admin tasks. This makes it possible to
designate a specific user to become a “Delegated Print Administrator”
without having the security issues of making them a full system
administrator.

Networking

Server 2008 R2 introduces support for DNSSEC (Domain Name System Security
Extensions). The benefit is that you can let your DNS servers safely
approve zones in addition to hosting DNSSEC authorized zones. Because the
DNS Client in both Windows Server 2008 R2 and Windows 7 can send queries
that indicate support for DNSSEC and process the related records, it can
indicate whether records on the DNS Server are validated.

First introduced in Windows Vista with a focus on centralized management of
your networking experience, Network and Sharing continues to be built on in
Windows Server 2008 R2 with an innovative approach to how networks are
accessed and identified. There are three types of Network classes in
Windows Server 2008 R2 and Windows 7: Public, Work and Domain. These
profiles are set up to retain information about how your network is
configured and how you connect to it, using the network discovery, sharing
and firewall settings for each network class. Basically, you can have
multiple networks with different settings applied to each. The Windows
Firewall controls inbound and outbound traffic through rules for these
network profiles. Windows Server 2008 R2 in particular is savvier by
supporting multiple active firewall profiles when connected to a particular
network.

Performance

A new feature is Core Parking, which manages the power consumption of
multi-core processors based on the type of workload. Server 2008 R2 adds
support for the Advanced Configuration and Power Interface standard
(version 4.0). Server 2008 R2 uses a balanced power plan which utilizes the
new ACPI standard, which makes it easier to determine the minimum and
maximum limits for the state of a processor core. Cores that are not needed
for a particular workload are set to idle, while those being partially used
are throttled.

Improvements

Hyper-V – first released as an add on for Windows Server 2008 180 days
after its release, Hyper-V is now a part of the Windows Server 2008 R2
release. Improvements include live migration, dynamic virtual machine
storage and enhancements to processor and networking support.

Group Policy – PCs that are not connected to the network can be limited in
which applications can be accessed, removable storage devices can be
required to be encrypted, and user activity can be audited more granularly.
In Windows 7, the Group Policy Management Console has been extended to
include 25 PowerShell cmdlets that allow for better integration with Group
Policy features and functions. You can open up the ‘black box’ of Group
Policy and automate configuration of any registry key with a combination of
simple and powerful cmdlets. Command line support allows you to seamlessly
create, configure, link and even back up Group Policy objects quickly.

Windows 7 adds improvements
to its Drive Encryption Technology (BitLocker) providing better offline data
protection. Enhanced by the use of the Trusted Platform Module (TPM), a new
feature based on BitLocker technology called ‘BitLocker To Go’ allows drive
encryption to be extended to portable storage devices such as Thumb-drives
or External USB hard disk with support for file systems such as FAT, FAT32
and exFAT in addition to NTFS for improved compatibility. This allows for
better management in cases such as applying restrictions on how these
devices are accessed and used. Although BitLocker is still limited to the
Ultimate and Enterprise editions of Windows 7, once BitLocker to Go is
enabled the device can still be used on any edition of Windows 7 in addition
to Windows XP. BitLocker is also easier to install and configure, simply
right-click a drive in Computer Explorer and click the ‘Turn on BitLocker’
option on the contextual menu. I noticed though that large devices 2 GBs or
more can take a long time to encrypt, so I suggest you don’t do it on a
whim. Other improvements include no need for manual partitioning or use of
third party tools. Windows 7 also creates a hidden partition for BitLocker
instead of a new one like Vista. Enterprises can also benefit from the Data
Recovery Agent support for all protected disk volumes which allows
Enterprises to store recovery data in Active Directory and recover volume
data if required.

Action Center

Making your operating system communicate with you can be a daunting task.
It’s something researchers have been working on for many decades now.
Microsoft with
Windows 7 might have just found a solution. The way Windows has communicated
a problem for many releases has varied over the years. We are all aware of
the blue memory dump screen affectionately called the blue screen of death
or random dialogs featuring stop sign or exclamation triangle with some
unintelligible text. Windows has evolved over the years by making the
experience more friendly and human, with Windows XP some problems or items
that needed attention were moved to tool tip balloons in the Notification
Area. Users complained they were annoying and a bit too intrusive at times.
Vista focused on centralizing messages the system gave out through the
Problem Reports and Solutions Control Panel item. This was a respectable
effort that made finding and managing the problems associated with a variety
of aspects of your system (hardware, software) less daunting, there still
existed the problem of tool tip notifications and scattered experiences
across a variety of activities associated with Windows.

The Action Center shell features a clean, well organized layout categorized
into two main areas, Security and Maintenance, with additional quick links
to Troubleshooting, Recovery and other available options under the Control
Panel Task Pane.

Security

The Security Area of Action
Center provides vital information about your security status, with colored
notifications that indicate the severity of a problem. As you can see, my
current status is red along with a summary noting that my Antivirus program
is out of date. With one click I can immediately update my Antivirus right
there to resolve that problem.

Red indicates that there is a security threat or potential for
loss of data if the problem is not corrected.

Yellow indicates that you should attempt to fix the problem but there is no
risk to your computer if you don't.

If I need additional information, I simply click the chevron button; this
will reveal information regarding areas of the system such as Network
Firewall, Windows Update, Internet Security settings, User Account Control
and Network Access Protection. The key aspect here is the centralized
summary of the system’s health, which makes it easier to manage and
maintain. For consumers and business users, User Account Control and
Network Access Protection provide greater ease of use when working with
your computer and simplify the security experience for users who connect to
a business Network.

User Account Control notifications can be better controlled when it comes
to notifying you about changes to your system. If you had upgraded to
Windows Vista, you will remember the numerous User Account Control dialogs
you had to contend with, whether it’s accessing an area of the system,
installing a program or doing some random task.

Windows 7 provides a more passive experience with UAC; you will still see a
few prompts, but it’s not triggered for every action taken. UAC also gives
the user more information about why it does what it does. For instance, it
shows which part of the system an application needs to access or write to.
UAC is still annoying, but it’s not in your face. The enhanced settings
provide users the option of controlling how they are notified of potential
changes to the system. Similar to Internet Explorer’s ‘Security level for
this zone’ setting, users have a choice between Never and Always Notify.

This area of Action Center
deals with Problem Reports/error messages that the system has encountered.
If you have not submitted them yet, you can click the Check for Solutions
link that might be available to resolve the problem. Backup is also featured
here and notifies you about out of date backups or files that need to be
backed up. When you click the Chevron button, it reveals additional details
such as whether you need to check for updates or if an action is required
for a particular problem you might be experiencing.

Problem Reports and Solutions, which was introduced with the release of
Windows Vista, is now a part of the Action Center shell. Whenever your
computer encounters errors, software or hardware related, Problem Report
keeps a log of all these problems. If you click the 'View problems to
report' link under Maintenance, you might see a backlog of problems that
you can check for possible solutions.

Problems are organized into
categories that allow you to easily associate an issue with a particular
area of the system. As you can see in the above screenshot, I have multiple
issues related to my Antivirus program, Network, third party application
installer and the Windows Explorer shell. You have the option to pick and
choose how you want to report problems. If you want to check for solutions
to all problems, just check the 'Select All' box, if you consider some
problems to not be detrimental you can check for solutions on a case by case
basis. Other factors can include your Internet Connection, because a lot of
diagnostics data is sent to assist with the resolution of the problem, it
can take some time to send the information.

This probably is the
highlight of Action Center in Windows 7, the subtle notification experience
and quick access to items that need attention. Situated in the Notification
area of the Taskbar is the Action Center Flag, if you hover your mouse
pointer over the icon, you will see a tool tip revealing the amount of
pending messages that need attention. When clicked it reveals additional
details and you can click an individual message to resolve the issue right
away or just open the Action Center to review all messages.

Another thing I like about Action Center is that it is very customizable;
you are not restricted to doing what the program says. If you click on the
Action Center settings link under Control Panel Home, you will see the
option to fine tune what types of items you would like to receive reports
and messages about or what type of information you would like Windows 7 to
diagnose and send to resolve.

If you have not checked out
Action Center, now is the time to do so. The centralized experience makes it
seamless for managing and maintaining the health of your PC. The simplified
convenience of the interface, ability to customize and mitigate issues
quickly makes this addition to Windows, a definite winner!

Synergies

Windows Server 2008 R2 sounds like a spectacular upgrade, but you will
realize significant benefits when it is deployed with Windows 7,
Microsoft’s latest client operating system, on the desktop.

AppLocker

DirectAccess

BranchCache

Enterprise Search Scopes

Direct Boot from VHD

AppLocker uses a rule based setup for specifying which applications can
run, so you get the flexibility you need in determining which users can run
which applications, scripts and program installers. AppLocker also
introduces publisher rules that are based on an application’s digital
signature, which makes it possible to build rules that survive application
updates. For example, you could create a rule to “allow all versions greater
than 3.0 of the program Mozilla Firefox to run if it’s signed by the
software publisher Mozilla”. This allows for better confidence in your
deployments without having to build another rule for a new version of
Firefox.
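The Firefox publisher rule described above, written out as an added example that is not part of the original review. It assumes Firefox is installed at the path shown and that the script runs elevated on Windows 7 or Server 2008 R2; the publisher details are read from the binary's own signature rather than typed in.

```powershell
# Added example: build and test an AppLocker publisher rule for Firefox >= 3.0.
Import-Module AppLocker

$exe = "$env:ProgramFiles\Mozilla Firefox\firefox.exe"   # assumed install path

# Read publisher, product and binary name from the file's digital signature.
$info = Get-AppLockerFileInformation -Path $exe
if (-not $info.Publisher) {
    throw "$exe is not signed, so a publisher rule can never match it."
}

# Escape the values before embedding them in XML attributes.
$esc     = { param($s) [System.Security.SecurityElement]::Escape($s) }
$pubName = & $esc $info.Publisher.PublisherName
$product = & $esc $info.Publisher.ProductName
$binary  = & $esc $info.Publisher.BinaryName

# LowSection is inclusive, so this allows 3.0.0.0 and every later version.
# S-1-1-0 is the Everyone group. AuditOnly logs decisions without blocking.
$xml = @"
<AppLockerPolicy Version="1">
  <RuleCollection Type="Exe" EnforcementMode="AuditOnly">
    <FilePublisherRule Id="$([guid]::NewGuid())" Name="Firefox 3.0 and later"
        Description="Added example rule" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions>
        <FilePublisherCondition PublisherName="$pubName"
            ProductName="$product" BinaryName="$binary">
          <BinaryVersionRange LowSection="3.0.0.0" HighSection="*" />
        </FilePublisherCondition>
      </Conditions>
    </FilePublisherRule>
  </RuleCollection>
</AppLockerPolicy>
"@

$policyFile = Join-Path $env:TEMP 'firefox-publisher.xml'
Set-Content -Path $policyFile -Value $xml -Encoding UTF8

# Dry run: evaluate the rule against the installed binary without applying it.
Test-AppLockerPolicy -XMLPolicy $policyFile -Path $exe -User Everyone |
    Format-List FilePath, PolicyDecision, MatchingRule

# Apply only after the dry run looks right. Once the Exe collection is
# enforced, anything not matched by an allow rule is denied, so the default
# rules for Windows and Program Files must already be in the local policy.
# The Application Identity service (AppIDSvc) must be running for any effect.
# Set-AppLockerPolicy -XMLPolicy $policyFile -Merge
```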

DirectAccess simplifies management of remote PCs. There is no need to
wait for users to return to the office or connect to VPNs to update PCs.
Instead, you can keep remote computers updated with required policies or
updates anytime the computers connect to the Internet – even if they aren’t
logged on to the network.

BranchCache – With the release of Windows XP, Microsoft introduced
Background Intelligent Transfer Service and Distributed File System
Replication service with Windows Server 2008 to mitigate issues with network
latency and bandwidth for PC’s in branch offices. BranchCache in Windows
Server 2008 R2 and Windows 7 takes it to the next level by simulating the
experiences of having access to the same resources at the headquarters. This
is done by caching content from remote file servers in the branch location,
users will then be able to access these resources much faster.

When a file is accessed for the first time from the
file server, Windows will copy the file from the central server and cache
the file at the branch server.

When the user who accessed that file or another user
at the branch office accesses the file, Windows checks for the file in
the local cache. If found, Windows checks back with the central server to
see if there are any changes since the last time it was accessed. If there
are no changes, the file is retrieved from the branch cache, avoiding the
need to do any unnecessary transfer back from the central cache.

Enterprise Search Scopes
– Searching your intranet is much easier. With
Search Scopes, you can deploy up to five pre-defined links through Group
Policy on worker PCs to direct them to the right data sources and help them
more easily find what they need. Enterprise search scopes appear on the
Start menu and at the bottom of search results in Windows Explorer in the
Search Again In section of the box.

VHD Boot utilizes virtualization technologies to ease the transition
between physical and virtual environments. With VHD Boot, enterprises can
reuse the same master image both within a virtual desktop infrastructure and
on physical PC’s.

Windows Server 2008 R2 is a
major release and just as consumers are in love with Windows 7, folks in the
IT World should feel just the same about Microsoft’s latest NOS. Obviously I
have only touched the tip of the ice berg here, I have not even looked at
some of the renamed Terminal Services roles such as Remote Desktop Services
which includes significant enhancements for how users access session based
desktops, virtual machine based desktop and applications hosted by remote
servers. Overall, I think the Windows Server Team has done a fantastic job
by continually innovating with each release. Windows Server 2008 was not as
synergistic with Vista as 2008 R2/Windows 7 are. Any organization that is
planning to move to Windows 7 seriously needs to consider Windows Server
2008 R2 in that equation. The core focus on simplified management,
efficiency and flexibility will ensure that your IT infrastructure runs like
a well oiled machine from the backend to the desktop.

Improvements through scalability and flexibility with
Hyper-V R2

Significant improvements to productivity for mobile users
when deployed together with Windows 7 on the desktop such as
BranchCache and Direct Access.

Better application management and access through BitLocker

Simplified Administration through new and improved Active Directory
Services.

Limited need for VPN on the client side

The Bad Points

Requires serious planning and thought when
contemplating deployment.

Features such as Hyper-V and Direct Access will require serious
hardware or significant investment in upgrades to see reliable
performance from the aforementioned technologies.

Although Windows 7 is not required to use Windows Server 2008 R2 on
the Server side, you probably will see more benefits when both are
deployed together.